Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

What permissions are required to grant for read-only workbench on OpenSearch

0

We have a use-case to grant SQL Workbench access generated by OpenSearch dashboard. With the access, people should be able to run only select queries.

Temas
Sin servidorAnálisisSeguridad, identidad y cumplimiento
Etiquetas
Amazon OpenSearch ServiceGrupos de usuarios de Amazon Cognito
Idioma
English
Sarath
preguntada hace 9 meses504 visualizaciones
1 Respuesta
0

Hi,

What you want to do is to leverage the fine-grained access control to your data provided by OpenSearch: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html

For use with Cognito, please, follow the guidance of this specific page: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac-walkthrough-iam.html

You may also want to see this in-depth video detailling how to secure OpenSearch dashboards: https://www.youtube.com/watch?v=TgnHBz4i63M

Best,

Didier

profile pictureAWS
EXPERTO
Didier_Durand
respondido hace 9 meses
  • Sarath
    hace 9 meses

    We are already using FGAC for the opensearch domain. When an RO user is trying to execute a query using workbench it is giving us the following error: SHOW tables LIKE %: Service Unavailable, this query is not runnable.

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante